all-llm-operations-are-defensively-bounded

OUT derived (depth 3)

All three LLM-facing operations — interactive query (ask), batch derivation (derive), and belief classification (list_negative) — apply consistent defensive patterns: bounded execution, fail-soft error handling, hallucination filtering, and graceful degradation on LLM unavailability.

Summary

Every place the system calls an LLM — whether answering a user question, generating new derived claims, or classifying negative beliefs — is protected by the same safety net: execution limits, graceful fallbacks when the LLM is unavailable or returns garbage, and filtering to catch hallucinated results. This claim is currently retracted, meaning at least one of those operational paths may not actually meet this standard.

Justifications

SL — ask+derive defensive bounds (depth-2) combined with list_negative's two-stage classification and hallucination filtering (depth-1) cover all three LLM-facing operations

Antecedents (all must be IN):

  • all-llm-interactions-are-bounded-and-fail-soft — All LLM-facing operations apply consistent defensive patterns across both interactive (ask) and batch (derive) paths: bounded execution (iteration caps, timeout handling), fail-soft error recovery (fallback to raw results or skipped proposals), and environment isolation (stripping recursive invocation variables).
  • list-negative-is-defensively-bounded — The negative belief listing pipeline applies defense-in-depth: keyword pre-filtering narrows candidates before LLM classification, hallucinated node IDs are discarded against the actual network, and malformed LLM output falls back gracefully to zero count rather than raising.

Dependents

These beliefs depend on this one:

Details